[Bug 1582340] Re: [SRU] Sync drupal7 7.43-3 (universe) from Debian unstable (main)

Wed Jun 1 17:12:44 UTC 2016

Thanks for the pointers!  I've uploaded a backported version to xenial.
I'll subscribe the SRU team here for the next steps.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1582340

Title:
  [SRU] Sync drupal7 7.43-3 (universe) from Debian unstable (main)

Status in drupal7 package in Ubuntu:
  Fix Released
Status in drupal7 source package in Xenial:
  New

Bug description:
  Drupal7 in 16.04 has been left as broken while we wait on upstream
  Drupal7 to gain PHP7.0 compatibility. This has been achieved in
  Debian's current version, which we should be able to sync as we have
  no delta currently.

  [Impact]

   * drupal7 is currently uninstallable in 16.04.

  [Test Case]

   * There is no test case for this issue, other than attempting to
  install drupal7 itself, which will currently fail due to php5
  dependencies.

  [Regression Potential]

   * As drupal7 is currently uninstallable, there is no possibility of
  regression in 16.04 itself.

  [Other Info]

   * To reiterate, the plan for drupal7 in 16.04 was to wait for PHP7 compatibility to be available and to SRU in the corresponding version.

  Please sync drupal7 7.43-3 (universe) from Debian unstable (main)

  Changelog entries since current xenial version 7.41-1:

  drupal7 (7.43-3) unstable; urgency=medium

    * Moved the farbstatic sources from debian/missing-sources
      todebian/missing-sources/misc, to keep lintian happy
    * The right name for one of our conditional dependencies is no longer
      php-sqlite, but php-sqlite3. Thanks to Nish Aravamudan for pointing
      this out!

   -- Gunnar Wolf <gwolf at debian.org>  Mon, 09 May 2016 12:25:34 -0500

  drupal7 (7.43-2) unstable; urgency=medium

    * Update dependencies to use PHP 7 instead of 5 (Closes: #821482)
    * Updated debian/watch to work reliably
    * Standards-version 3.9.6.0→3.9.8 (no changes needed)

   -- Gunnar Wolf <gwolf at debian.org>  Mon, 09 May 2016 10:54:11 -0500

  drupal7 (7.43-1) unstable; urgency=high

    * New upstream version
    * Fixes several security vulnerabilities (SA-CORE-2016-001): File
      upload access bypass and DoS, brute force amplification attack via
      XML-RPC, open redirect via path manipulation, reflected file
      download, wrong modes set on some user accounts setting saves,
      information disclosure of email addresses
    * Several non-security bugfixes from 7.42 included
    * Fix typo in README.Debian
    * Add several needed lintian overrides

   -- Gunnar Wolf <gwolf at debian.org>  Thu, 25 Feb 2016 22:43:55 -0600

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/drupal7/+bug/1582340/+subscriptions